3 matches found
CVE-2009-2713
Sun Java System Access Manager 7.0 (2005Q4) and 7.1 with Cross Domain Single Sign On enabled is affected by CVE-2009-2713. The issue is that the CDCServlet component does not ensure policy advice is presented to the correct client, enabling potential information disclosure via unspecified vectors...
CVE-2007-0628
CVE-2007-0628 concerns multiple XSS vulnerabilities in Sun Java System Access Manager versions 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) prior to 20070129. The flaws allow remote attackers to inject arbitrary web script or HTML through the goto or gx-charset parameters. The NVD entry lists a C...
CVE-2008-1204
CVE-2008-1204: XSS vulnerabilities in the Administration Console of Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script/HTML via unspecified vectors in the Help and Version windows. The NVD entry lists a base CVSS v2 score of 4.3 (Network attack v...